CVE-2019-25618
Received Received - Intake
Denial of Service via Oversized Input in AdminExpress

Publication date: 2026-03-22

Last updated on: 2026-03-22

Assigner: VulnCheck

Description
AdminExpress 1.2.5 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input through the System Compare feature. Attackers can paste a large buffer of characters into the Folder Path field and trigger the comparison function to cause the application to become unresponsive or crash.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-22
Last Modified
2026-03-22
Generated
2026-06-16
AI Q&A
2026-03-22
EPSS Evaluated
2026-06-14
NVD
CVE-2019-25618
EUVD
EUVD-2019-19977
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
adminexpress adminexpress to 1.2.5.485 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-73 The product allows user input to control or influence paths or file names that are used in filesystem operations.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2019-25618 is a denial of service vulnerability in AdminExpress version 1.2.5. It occurs in the System Compare feature where a local attacker can submit an oversized input buffer into the Folder Path field.'}, {'type': 'paragraph', 'content': "By pasting a large number of characters (for example, 5000 'A's) into this field and triggering the comparison function, the application becomes unresponsive or crashes."}, {'type': 'paragraph', 'content': 'This is likely caused by a buffer overflow due to improper handling of the input size.'}] [1, 2]

Impact Analysis

This vulnerability can cause the AdminExpress application to crash or become unresponsive, resulting in a denial of service condition.

An attacker with local access can exploit this by submitting oversized input to disrupt normal operation, potentially leading to downtime or loss of availability of the application.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to reproduce the denial of service condition using the System Compare feature in AdminExpress 1.2.5. Specifically, an oversized input buffer (e.g., 5000 "A" characters) is submitted into the Folder Path field.'}, {'type': 'list_item', 'content': 'Open AdminExpress and navigate to the System Compare feature.'}, {'type': 'list_item', 'content': 'Paste a large buffer of characters (such as 5000 "A" characters) into the Folder Path field.'}, {'type': 'list_item', 'content': 'Click the scales icon next to the Folder Path input to trigger the comparison.'}, {'type': 'paragraph', 'content': 'If the application becomes unresponsive or crashes, the vulnerability is present.'}, {'type': 'paragraph', 'content': 'A proof-of-concept exploit script is available that generates the large payload buffer, which can be used to test the vulnerability.'}] [1]

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25618. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart